[Update: 3 comments] Fireeye’s announcement of their discovery of a breach is all over the news. The Reuters article quotes a ‘Western security official’ as saying “Plenty of similar companies have also been popped like this.” I have two comments. First, it’s easy for anyone to label attackers “sophisticated.” Fireeye certainly has more data and…
Read More Fireeye Hack & Culture
Post thumbnail
A few weeks back, I mentioned the Distinguished Lecture I gave at Ruhr University Bochum. I’m happy to say that the video is now online, and I also want to share the references.
Read More We Need a Discipline of Cybersecurity Public HealthThere’s an interesting paper, Mitigating social bias in knowledge graph embeddings from a team at Amazon, which was presented at an academic workshop on bias in knowledge graph construction. The work is interesting, and the availability of approaches like this will be a welcome shift in how we deal with these important issues. Of course,…
Read More Mitigating Social Bias in Knowledge GraphsAs we launched the threat modeling manifesto, we ran into some trouble with TLS. Some of you even reported those troubles, by saying “it’s not working.” Thanks. That’s so helpful. Sarcasm aside, there’s a basic form to a helpful bug report: “I did A, and observed B.” If you want to make it really useful,…
Read More It’s Not Working!
Post thumbnail
We get many things from whiteboards. One of those is a sense of impermanence – that the work on them is a work in progress. That it’s a sketch, rather than a final product. And I missed whiteboards, so working with my partners at Agile Stationery, we created not only whiteboards, but also stencils to…
Read More Stencils and Sketch BooksI’ve signed onto a letter to the European Commission on end to end encrypted communications.
Read More Breaking Encryption Myths (EU Commission on Encryption)
Post thumbnail
There’s a threat modeling manifesto being released today by a diverse set of experts and advocates for threat modeling. We consciously modeled it after the agile manifesto and it’s focused on values and principles. Also, there’s a podcast that gives you a chance to listen, behind-the-scenes at The Threat Modeling Manifesto – Part 1.
Read More A Threat Modeling ManifestoI’m very excited that, on Monday, I’ll be giving a Distinguished Lecture, “We Need A Discipline of Cyber Public Health” at Ruhr University Bochum. It ties together some deeper analysis of where we are with the discipline of security engineering, some of the challenges we face, and how we can solve them. The abstract is:…
Read More We Need A Discipline of Cyber Public HealthBefore the election, I wrote about legitimacy. In that, I said “The second function of democracy is to convince everyone that it produces legitimate and correct choices.” There are two important things worth watching. First, President Trump is attempting to cast doubt on an election in which he was thoroughly rejected by voters. Second, we…
Read More On Legitimacy (After the Election)A little something to make you smile today:
Read More Friday Star Wars: Lego Holiday Celebration